Why not add DENY ACL's first for specific nodes followed by PERMITS
for the entire range. As the packet hits the FW, if it matches the
DENY first, it will be tossed.
just a thought
On Thu, 10 Mar 2005 20:21:44 -0500, DLStrout <dstrout at maine dot rr dot com> wrote:
> All,
> Looking for some direction on grouping address in firewall rules. I
> would like to allow only host addresses X.X.X.10,11,12 & 14 .... etc,
> etc --> to the wan and I don't want to have to write a seperate rule for
> each (57 total) non-sequenchial host address.
>
> And, by the way ... I can not re-subnet to accomplish this!!
>
> If this is not a possibility, then maybe it would better plased as a
> feature request.
>
> BTW, have I mentioned ... A++++ product !!!! m0n0 rules !!
>
> DLStrout
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>